
Trojan.Win32.Xbash removal guide


Trojan.Win32.Xbash is flagged as malicious by a large number of security vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Xbash virus do?

Static analysis of the sample raised the following indicators:

  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Authenticode signature is invalid
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect

How to identify Trojan.Win32.Xbash?

File Info:

name: 8042FA6FA6F5548618AD.mlw
path: /opt/CAPEv2/storage/binaries/bf2560fbdbcd0ba480899bddef99ae01abbd8187aaae6a7441cdecc3f842280b
crc32: 97711440
md5: 8042fa6fa6f5548618ad1990d30fb4a9
sha1: 8589f056222306684dfd3ffeb6e5eece738665e7
sha256: bf2560fbdbcd0ba480899bddef99ae01abbd8187aaae6a7441cdecc3f842280b
sha512: db75465e8fa017862c0ebbe5057caf051617540d226e8f6d885e5f944835cf51b6a1081f2751df9e5c54dcfa94246c71d599dc3a9927c360ae8825bebfc30f88
ssdeep: 49152:OnZqYPuTrQhyEekhGmELPS4Cpe92wuentK:OnkZSyEekImASQ2wuetK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F7752221B693C032D0A31D3108FE8EB56D38FD504B2646EF53D4939A5DB96C06B39BA7
sha3_384: e6ebe2ff298b5eb28e03233328e221ae4d518dde4551e62af5e7a15f15e77ae4a84ff88861872b1aec775db63119dec8
ep_bytes: e8a4080000e985feffffe96870000055
timestamp: 2018-04-15 09:28:07

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Kingsoft Install Tool
FileVersion: 2.1.4.4
InternalName: Kingsoft Install Tool
LegalCopyright: Copyright (C) 2017 Mozilla Corporation All rights reserved.
OriginalFilename: Kingsoft Install Tool
ProductName: Kingsoft Install Tool
ProductVersion: 2.1.4.4
Translation: 0x0409 0x04b0

The version resource is internally inconsistent: CompanyName and LegalCopyright name Mozilla Corporation, while the file, internal, original-filename and product fields all describe a Kingsoft install tool. Together with the invalid Authenticode signature noted above, this metadata must not be treated as evidence of legitimate origin.
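The following Python script is an added example, not part of the original page and not GridinSoft's tooling. Using only the standard library, it parses a PE header far enough to reproduce several of the static indicators listed above (section names outside the usual toolchain set, VMProtect-style section names, presence of an Authenticode certificate table, overlay data past the last section, compile timestamp) and compares a file's MD5/SHA-1/SHA-256 against the File Info block. The section-name lists are illustrative assumptions, and the miniature PE32 it builds as a fixture is constructed for the demo (it reuses the 2018-04-15 09:28:07 timestamp from File Info but is otherwise unrelated to the real sample). It does not validate the signature; deciding whether an Authenticode signature is valid needs a full chain and hash check with a tool such as signtool or osslsigncode.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes published in the File Info block on this page for the analysed sample.
PAGE_IOCS = {
    "md5": "8042fa6fa6f5548618ad1990d30fb4a9",
    "sha1": "8589f056222306684dfd3ffeb6e5eece738665e7",
    "sha256": "bf2560fbdbcd0ba480899bddef99ae01abbd8187aaae6a7441cdecc3f842280b",
}

# Section names produced by mainstream Windows toolchains (assumption: illustrative list).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".bss", ".tls", ".CRT", ".gfids"}
# Names VMProtect gives its own sections (assumption: illustrative, not exhaustive).
VMPROTECT_SECTIONS = {".vmp0", ".vmp1", ".vmp2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def triage_pe(data):
    """Parse just enough of a PE header to reproduce the static indicators listed above."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    _machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = 112 if magic == 0x20B else 96  # PE32+ optional header is 16 bytes wider
    n_dirs = struct.unpack_from("<I", data, opt + dd_base - 4)[0]
    cert_off, cert_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    names, end_of_sections = [], 0
    for i in range(n_sections):
        hdr = opt + opt_size + 40 * i
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        names.append(name.rstrip(b"\0").decode("latin-1"))
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)

    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "matches_page_sample": hashes["sha256"] == PAGE_IOCS["sha256"],
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS],
        "vmprotect_sections": [n for n in names if n in VMPROTECT_SECTIONS],
        # Presence of a certificate table says nothing about validity; that needs a
        # full Authenticode check (signtool / osslsigncode), which is out of scope here.
        "has_authenticode": cert_size > 0 and cert_off + cert_size <= len(data),
        # Everything after the last section is overlay; an appended certificate lives there too.
        "overlay_bytes": max(0, len(data) - end_of_sections),
    }


def build_sample_pe():
    """Constructed fixture: a tiny, non-runnable PE32 with VMProtect-style section names,
    a dummy certificate table and trailing overlay. This is NOT the real sample."""
    sections = [b".text", b".vmp0", b".vmp1", b".rsrc"]
    raw_size, first_raw = 0x200, 0x200
    cert_off = first_raw + raw_size * len(sections)
    cert_blob = struct.pack("<IHH", 0x40, 0x0200, 0x0002) + b"\0" * 56  # fake WIN_CERTIFICATE
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1523784487, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert_blob))
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, raw_size, 0x1000 * (i + 1), raw_size,
                    first_raw + raw_size * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(sections))
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs
    image += b"\0" * (first_raw - len(image))
    image += b"".join(bytes([0x90 + i]) * raw_size for i in range(len(sections)))
    return image + cert_blob + b"OVERLAY!" * 4


if __name__ == "__main__":
    for key, value in triage_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To use it on a real file, call `triage_pe(open(path, "rb").read())`; `matches_page_sample` is true only when the SHA-256 equals the one in File Info, while a non-empty `vmprotect_sections` or `unusual_sections` list corresponds to the packing indicators above.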

Trojan.Win32.Xbash is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.Bulz.201626
FireEye: Generic.mg.8042fa6fa6f55486
CAT-QuickHeal: Trojan.MauvaiseRI.S5254986
McAfee: Artemis!8042FA6FA6F5
Cylance: Unsafe
Zillya: Trojan.Bugor.Win32.33
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0052de311 )
Alibaba: Malware:Win32/km_2e75f1.None
K7GW: Spyware ( 0052de311 )
Cybereason: malicious.fa6f55
BitDefenderTheta: Gen:NN.ZexaF.34646.Gz2@a4Xz4Xlj
Cyren: W32/S-0cb3c2b0!Eldorado
Symantec: Infostealer
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Agent.PKE
TrendMicro-HouseCall: TROJ_GEN.R002C0WI622
Paloalto: generic.ml
ClamAV: Win.Malware.Bugor-9836077-0
Kaspersky: HEUR:Trojan.Win32.Xbash.gen
BitDefender: Gen:Variant.Bulz.201626
Cynet: Malicious (score: 100)
Avast: Win32:JbossMiner-B [Trj]
Tencent: Malware.Win32.Gencirc.11491c2f
Ad-Aware: Gen:Variant.Bulz.201626
Emsisoft: Gen:Variant.Bulz.201626 (B)
Comodo: TrojWare.Win32.Spy.Delpem.A@7mkvv5
F-Secure: Heuristic.HEUR/AGEN.1201296
VIPRE: Gen:Variant.Bulz.201626
TrendMicro: TROJ_GEN.R002C0WI622
McAfee-GW-Edition: Artemis!Trojan
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
APEX: Malicious
GData: Gen:Variant.Bulz.201626
Jiangmin: Trojan.Generic.eehmo
Avira: HEUR/AGEN.1201296
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Win32.AGeneric
Arcabit: Trojan.Bulz.D3139A
ZoneAlarm: HEUR:Trojan.Win32.Xbash.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R313295
VBA32: BScope.Trojan.Downloader
ALYac: Gen:Variant.Bulz.201626
TACHYON: Trojan/W32.Xbash.1588200
Malwarebytes: Malware.AI.4281620667
Rising: Worm.Xbash!1.B438 (CLASSIC)
Yandex: Trojan.GenAsa!d9grjAxrhxs
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.PKE!tr
AVG: Win32:JbossMiner-B [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Xbash?

Trojan.Win32.Xbash removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
